Li Finance has joined the list of protocols exploited since 2022 began losing around $600,000 worth of cryptocurrencies to hackers. According to a post mortem analysis disclosed by the protocol’s team, a bug in the smart contract was identified as the factor responsible for the colossal loss of the sum.
Going further, the report revealed that the bug was targeted at the platform’s swapping product. As a result, 29 wallets in all were hacked. The latest exploit in the DeFi ecosystem stresses the need for developers to be on top of their game to avoid future losses.
More Details About the Hack
Looking at the final report released by Li Finance, the team explains the $600k worth of virtual currencies were taken away from 29 hot wallets due to a vulnerability identified by the malicious players in the smart contract of the swapping product. The team further revealed that during swapping, the actors could access the contracts.
Therefore, any approval given to the smart contract was at the mercy of the criminals. Cryptocurrencies that were catered away were MATIC, DAI, USDC, USDT, and several other minor tokens. The interesting part was the players exchanged the stolen tokens for ETH, and held them since then.
The more exciting news is Li Finance disabled the swap service upon confirming the source of the problem and has reimbursed about 25 wallets affected in the hack. The team reveals the remaining four will be duly rewarded.
Given that the remaining wallets lost a combined total of $517k, it will take Li Finance some time to reimburse them. According to reports, the financial protocol may have other plans for the remaining wallets, as it is proposing the four wallets convert the hacked funds into an angel investment. It’s up to the owners to decide if they accept the offer.
Following the hack report, the team assumed full responsibility and was transparent throughout the ordeal. In the press release, Li Finance admitted being careless with the security audit, adding that it will improve the security measures around the DeFi protocol.
Recent Crypto Exploits Recorded
Crypto exploits ruled the headlines on numerous occasions last year. According to reports, over a billion dollars were lost due to smart contract vulnerability in the sector. 2022 already boasts of some hacks. a
Last week, Deus Finance reportedly lost about $3M worth of assets to hackers who exploited the platform’s oracle. The funds were wired through Tornado Cash.
Last month, IRA Financial, a South Dakota company, lost $36M belonging to some high-profile clients to DeFi exploiters. As of this publication, there’s no news if the financial company has recovered all lost funds.
Wormhole witnessed a devastating attack earlier this year, losing about $326M worth of wrapped ether. Qubit also lost funds to hackers to the tune of $80 million.